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Remarks 

In the application, claims 1 through 10 are pending. No claims currently stand allowed. 

The Final Office Action dated January 4, 2005, has been carefully considered. The Final 
Office Action rejects claims 1 through 5, 11, and 12 under 35 U.S.C. § 112 for failure to comply 
with the written description requirement. Claims 1 and 2 are rejected under 35 U.S.C. § 103(a) as 
obvious in hght of U.S. Patents 6,298,383 ("Gutman") and 5,623,601 ("Vu"). Claims 3 through 8 
and 10 are rejected as obvious in light of Gutman, Vu, and U.S. Patent 5,913,025 ("Higley"). Claim 
9 is rejected as obvious in light of Gutman, Vu, Higley, and U.S. Patent 6,081,900 
("Subramaniam"). Finally, claims 1 1 and 12 are rejected as obvious in light of Higley, Gutman, and 
U.S. Patent 6, 1 98,824 ("Shambroom"). 

In order to expedite prosecution, the offending element in claim 1 is removed, and claim 1 1 
is cancelled, thus rendering the § 112 rejections moot. 

The present application and the cited art deal with various aspects of proxy authorization 
schemes. To present a common background to these schemes, a "user" is granted permission to 
access a "target service." (For consistency's sake, the present discussion uses the teraiinology of the 
present application. Gutman, in contrast, calls the user a "domain" and reserves the word "user" for 
the "proxy client.") Traditionally, the user must present his authentication credentials to the target 
service to prove that he in fact who he says he is and, thus, that he has the requisite permissions. In 
many of these proxying schemes, an application or service (called a "proxy client") takes the benefit 
of the user's permissions to access the target service in order to perform work for the user. 

In the proxy schemes detailed in the cited art, the proxy client always acts as a go-between 
to facilitate live communications between the user and the target service. For example, in Vu a 
firewall prevents a user behind the firewall fi'om directly communicating with a target service 
outside the firewall, A proxy client, using the authentication credentials of the user, logically sits on 
the firewall and communicates both with the user and with the target service. By serving as a 
communications pass-through, the proxy client allows the user to communicate with the target 
service almost as if the firewall were not there. The proxy schemes in the other cited references are 
similar, if not identical, to Vu. 
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The presently claimed invention, on the other hand, differs significantly from all of the 
proxy schemes in the cited art. Li the invention as presently claimed, the proxy communications are 
between the proxy client and the target service and do not involve the user at all This type of 
operation is often called "batch mode" (see the present specification, page 2, line 7, through page 3, 
line 25). Before the proxy communications begin, the user sets up the authentication credentials and 
grants the proxy client permission to use thetn. The user, in most cases, is also responsible for 
requesting that the proxy client access the target service, Dxiring the actual course of the proxy 
communications, however, the user is out of the picture: The end points of the communications are 
the proxy client, acting with the user's authentication credentials, and the target service. (The proxy 
client may, and probably will, provide status and completion information to the user.) Because the 
user is not directly involved, the user may wish to place limits on the extent of the proxy's authority. 
The following element of independent claim 1 emphasizes this ability: 

Claim 1 : registering proxy authorization information regarding the user with a 
trusted security server, the proxy authorization information 
identifying the proxy client and an extent of proxy authorization, the 
extent of proxy authorization comprising a restriction on a range of 
target services that the proxy client may access on behalf of the user; 

(Emphasis added.). This concept of limiting the authority of the proxy is discussed in the 
specification at, e.g., page 11, lines 7 through 9, page 18, line 15, through page 19, line 25, and page 
22, lines 13 through 15. In contrast, the proxy in the cited art always acts in concert with the user, so 
it would not make sense in the scenarios contemplated by the cited art to limit the proxy's range of 
authority. 

Applicants respectfully disagree with the rejection of the remaining independent claim, 
claim 6. Claim 6 calls for the trusted security server to store the user's authentication information: 

Claim 6: A computer-readable medium having computer-executable 
instructions for a trusted security server to perform the steps: 

storing proxy authorization information from a user for authorizing a 
proxy chent to act as a proxy of the user; 

(Emphasis added.) This is clearly different from the portion of Gutman cited against claim 6 in the 
Final Office Action. That section (Gutman, column 2, lines 6 through 10) describes some "minimal" 
user information kept by the ISP. However, that information cannot be the "proxy authorization 
information" of claim 6 because, in column 1, line 60, Gutman says that "the ISP cannot really 
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authenticate the user." (In Gutman, the proxy authorization information is instead stored in an 
Authentication, Authorization, and Accounting service which is distinct from the ISP.) Thus, the 
cited portion of Gutman does not contain this element of claim 6. 

In sum, the combination of the cited art simply does not show every element of the currently 
pending independent claims (1 and 6), and therefore the cited art neither anticipates nor renders 
obvious these independent claims. As all other currently pending claims depend from these claims, 
applicants request that the rejections be withdrawn and that all currently pending claims be allowed. 



The appUcation is considered in good and proper form for allowiance, and the Examiner is 
respectfully requested to pass this application to issue. If, in the opinion of the Examiner, a 
telephone conference would expedite the prosecution of the subject application, the Examiner is 
invited to call the undersigned attomey. 



Conclusion 




Respectfully submitted. 



JohnTrBretscher, Reg. No. 52,651 
One of the Attorneys for Applicants 
LEYDIG, VOIT & MAYER, LTD. 
Two Prudential Plaza, Suite 4900 
180 North Stetson 



Chicago, Illinois 60601-6780 
(312)616-5600 (telephone) 
(312)616-5700 (facsimile) 



Date: February 17, 2005 
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